Clone
1
Architecture Overview
WMJ Ismail edited this page 2026-07-03 09:00:59 +02:00
Table of Contents
Architecture Overview
System Diagram
┌─────────────────────────────────────────────────────────────┐
│ Developer Workflow │
│ git push → Gitea (git.falahos.my) → Actions Runner │
└─────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ Gitea Actions (Docker Swarm) │
│ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ CI │ │ Deploy │ │ Sync │ │ Health │ │
│ │ lint + │ │ git push │ │ cPanel + │ │ every │ │
│ │ security │ │ + WP API │ │ Nextcloud│ │ 30min │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────┴──────────────┐
▼ ▼
┌──────────────────────┐ ┌──────────────────────────┐
│ cPanel (Hosting) │ │ Contabo (Docker Host) │
│ │ │ │
│ WordPress Site │ │ Gitea (git.falahos.my) │
│ ummah.falahos.my │ │ Nextcloud │
│ │ │ team.falahos.my │
│ Hermes Plugin: │ │ │
│ ┌───────────────┐ │ │ Gitea Actions Runner │
│ │ REST API │ │ │ (Docker Swarm service) │
│ │ hermes/v1/* │ │ │ │
│ ├───────────────┤ │ │ OpenClaw AI API │
│ │ WP-Cron │ │ │ (via Mac Mini) │
│ │ Agent Sched. │ │ │ │
│ ├───────────────┤ │ └──────────────────────────┘
│ │ AI Provider │ │
│ │ (OpenClaw) │ │
│ ├───────────────┤ │
│ │ Nextcloud │ │
│ │ Bridge │ │
│ └───────────────┘ │
│ │
│ cPanel Git: │
│ auto-pull from │
│ Gitea on push │
└──────────────────────┘
Data Flow: Content Generation (Ody Clone)
User/REST Client
│
▼
POST https://ummah.falahos.my/wp-json/hermes/v1/content/generate
│
▼
WordPress: rest_ensure_response() → HermesAiBridge\RestController
│
├──→ Validate Application Password (HTTP Basic Auth)
├──→ Parse request: prompt, tone, length
│
▼
HermesAiBridge\AiProvider
│
├──→ Call OpenClaw API (on Mac Mini or LLM provider)
├──→ Handle response / error
│
▼
Return generated content as JSON
│
▼
WP-Cron (async) → HermesAiBridge\Scheduler
├──→ Post to WordPress as draft
├──→ Sync to Nextcloud
└──→ Log to database
Data Flow: Auto-Reply (PI Clone — Planned)
bbPress Forum Topic / Comment
│
▼
WordPress hook → HermesAiBridge\PiController
│
├──→ Analyze topic content
├──→ Generate reply via AI Provider
│
▼
Post reply as specified user
│
▼
Notify thread participants (email/WhatsApp)
Authentication Flow
HTTP Request
│
▼
Cloudflare → ummah.falahos.my
│ (No WAF block — passes through)
▼
WordPress → Check Authorization header
│
├── Has "Basic base64(user:app_password)"?
│ └── Yes → WordPress validates Application Password
│ └── Valid → Process request
│ └── Invalid → HTTP 401
│
└── No HTTP Basic Auth?
└── REST API returns HTTP 401
Key insight: Application Passwords authenticate at the WordPress application layer, not at the network layer. This means:
- Cloudflare WAF is transparent to them
- No special IP whitelisting needed
- Works from any IP, any network
Plugin Components
REST Controller (rest-controller.php)
- Registers
hermes/v1namespace - Routes:
content/generate,nextcloud/sync,settings - Authentication via
is_user_logged_in()or Application Password
AI Provider (ai-provider.php)
- Connects to OpenClaw API
- Handles prompt formatting, response parsing
- Fallback: Curl-based HTTP client (no cURL extension needed)
Scheduler (scheduler.php)
- WP-Cron hooks for periodic tasks
- Content generation schedules
- Health check tasks
Nextcloud Bridge (nextcloud-bridge.php)
- WebDAV sync to
team.falahos.my - Uploads published content
- Syncs agent artifacts
Environment
| Component | URL | Hosting | Purpose |
|---|---|---|---|
| WordPress | ummah.falahos.my | cPanel (RoketServer) | Agent runtime |
| Gitea | git.falahos.my | Contabo Docker | Source + CI/CD |
| Nextcloud | team.falahos.my | Contabo Docker | Team hub |
| Gitea Runner | — | Contabo Docker | CI/CD execution |
| OpenClaw | 100.72.2.115:4747 | Mac Mini | AI inference |